c4-judge
commented
1 year ago thereksfour marked the issue as satisfactory
Open c4-submissions opened 1 year ago
c4-judge
commented
1 year ago thereksfour marked the issue as satisfactory
Lines of code
Vulnerability details
Lines of code
https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/RTokenAsset.sol#L163-L175 https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/RTokenAsset.sol#L53-L69 https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/p1/BasketHandler.sol#L329-L351
Vulnerability details
A vulnerability was identified in the RTokenAsset smart contract where the price oracle could return a significantly higher but valid price whenever any underlying collateral's price oracle times out, specificaly in
tryPrice()which did not previously validate the obtained price range from thebasketHandler.price()call.Mitigation
PR #917 The sponsor responded by adding
requirestatement intryPrice()to ensure that the returned price range is validated to prevent an invalid high price as suggested by the warden.Conclusion
The identified vulnerability has been successfully mitigated with the inclusion of a validation check in
tryPrice()of theRTokenAssetsmart contract. The smart contract now handles the scenario of an underlying collateral's price oracle timeout in a manner that prevents distortion in RToken's oracle price.